Bootrom challenge notes #5

Open
zhuowei opened this issue Sep 7, 2018 · 3 comments
zhuowei commented Sep 7, 2018

I started annotating the bootrom dump at https://gist.github.com/zhuowei/d6ff16f05faf13ba9e946345d4840db6. I generated the dump with Objdump:

riscv64-unknown-elf-objcopy --change-addresses=0x10000 -I binary -O elf64-littleriscv -B riscv bootrom.bin bootrom.elf
riscv64-unknown-elf-objdump -DrCt bootrom.elf >dumped.txt

and added the method names by comparing the disassembly with the disassembly of the zsbl built from this repo using the latest (2018.7) SiFive toolchain.


Edit 1: Pushed my changes to https://github.com/zhuowei/freedom-u540-c000-bootloader/tree/tweaking

Building this repo with both the 2018-07 toolchain and the oldest toolchain I can find (20170503), the

call main

pseudoinstruction in start.S compiles to a jal, but in the bootrom it compiles to a pair of auipc/jalr instructions:

   100ca:	00000097          	auipc	ra,0x0
   100ce:	05a080e7          	jalr	90(ra)

I tried both code models and that didn't make a difference either. Otherwise _prog_start is identical to the bootrom version (except for the offsets) once SKIP_ECC_WIPEDOWN is defined.


Edit 2:

I switched to the 20170503 toolchain, since it generates identical code for init_uart as the bootrom code, while the latest toolchain generates it in a different order.

I tried passing in -Wl,--no-relax to the linker to solve the auipc/jalr issue; this doesn't work: this changes all the calls to methods to auipc/jalr pairs, but some calls such as the call to handle_trap in trap_entry and the call to ux00boot_load_gpt_partition in main do use the shorter single jal instruction. This suggests that the bootrom was built with a compiler similar to the 20170503 release, but with a linker that has different support for relaxation.

I don't know how to proceed from here. Try even older compilers?


Edit 3: the dtb in the bootrom is also slightly different from the dts file included here: https://gist.github.com/zhuowei/d6ff16f05faf13ba9e946345d4840db6#file-gistfile1-txt
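Added example, not code from this issue or from the bootloader repo: a small Python script that compares two `objdump -d` listings modulo the two spellings of `call` (relaxed `jal` versus the `auipc`/`jalr` pair) and modulo layout-dependent branch targets, so that linker relaxation and shifted offsets do not mask real differences when checking a rebuilt zsbl against the bootrom dump. The three listings are constructed samples in objdump's output format, not lines from the real dump.

```python
import re
from itertools import zip_longest

# Constructed sample listings in objdump -d format (not from the real dump): the bootrom
# spelling of `call main` (auipc/jalr), the relaxed jal spelling, and one that really differs.
BOOTROM = """\
   100c6:   00050413    mv      s0,a0
   100ca:   00000097    auipc   ra,0x0
   100ce:   05a080e7    jalr    90(ra)
   100d2:   00008067    ret
"""
REPO = """\
   10036:   00050413    mv      s0,a0
   1003a:   05a000ef    jal     ra,10094 <main>
   1003e:   00008067    ret
"""
BROKEN = """\
   10036:   00050413    mv      s0,a0
   1003a:   00008067    ret
"""

LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+([0-9a-f]+)\s+(\S+)\s*(.*)$")
# Branch/jump targets objdump prints as "<hex address> <symbol>"; these depend on code layout.
TARGET_RE = re.compile(r"\b[0-9a-f]+ <[^>]*>")

def parse(listing):
    """(mnemonic, operands) for every instruction line of an objdump -d listing; labels/blanks skipped."""
    return [(m.group(3), m.group(4).strip()) for m in map(LINE_RE.match, listing.splitlines()) if m]

def normalize(insns):
    """Collapse both spellings of `call` into one token and blank out absolute branch targets."""
    tokens, i = [], 0
    while i < len(insns):
        mn, ops = insns[i]
        nxt = insns[i + 1] if i + 1 < len(insns) else None
        # Relaxed form: `jal ra,target` (older binutils) or `jal target` (rd=ra left implicit).
        if mn == "jal" and (ops.startswith("ra,") or "," not in ops):
            tokens.append("call"); i += 1
        # Unrelaxed form: `auipc ra,hi` immediately followed by `jalr lo(ra)`.
        elif mn == "auipc" and ops.startswith("ra,") and nxt and nxt[0] == "jalr" and nxt[1].endswith("(ra)"):
            tokens.append("call"); i += 2
        else:
            tokens.append(f"{mn} {TARGET_RE.sub('<target>', ops)}".strip()); i += 1
    return tokens

def differences(a, b):
    """Positions where the normalized instruction streams of two listings disagree ([] if equivalent)."""
    na, nb = normalize(parse(a)), normalize(parse(b))
    return [(i, x, y) for i, (x, y) in enumerate(zip_longest(na, nb)) if x != y]
```

Run `differences(open("dumped.txt").read(), open("zsbl.txt").read())` on two real listings; an empty result means the only differences were call relaxation and addresses, anything else is a genuine codegen difference worth chasing.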


ddevault commented Sep 8, 2018

I pushed the old device tree to my fork:

https://github.com/SirCmpwn/freedom-u540-c000-bootloader/tree/reproducable-builds


scintill commented Sep 8, 2018

I've had the same struggles as the summary at top. @tmagik, can you tell us what exact toolchain was used?

Contributor

tmagik commented Sep 12, 2018

Try this:

riscv-software-src/riscv-tools@3921adb
